Bitcoin is not decentralized

Bitcoin was designed by Satoshi Nakamoto, and the primary client is developed by a bunch of folks at bitcoin.org. Do you care who these people are? In theory, you shouldn’t: all they do is develop an open source client for an open source protocol. Anyone else can develop their own client (and some people have) and no one, save the agreement of everyone in the Bitcoin network, can change the protocol. This is because the Bitcoin network is designed to be decentralized.

If you believe in the long term viability of Bitcoin, you should care who these people are. While Bitcoin itself is decentralized, the transition from Bitcoin to a new currency cannot be. This transition is guaranteed by the fact that all cryptosystems eventually become obsolete. Who will decide how this new currency is structured? Likely the original creators of Bitcoin, and if you have significant holdings in Bitcoin, you should care who these people are.

The following essay will flesh out this argument more carefully, as follows:

Cryptosystems, including cryptographic hashes, must be used with the understanding that they will eventually have to be replaced. One might argue that “If Bitcoin’s cryptography is broken, the rest of the financial industry is in trouble too”; we explain why this is irrelevant for Bitcoin. We also see why it is reasonable to expect Bitcoin, if it becomes a serious currency, to stick around long enough for this obsolescence to occur.

There are several rough transition plans circulating in the Bitcoin community. We describe the most common decentralized and the most common centralized variant, and explain why the decentralized variant cannot work in a non-disruptive manner, appealing both to economics and to existing markets that have similar properties.

We more carefully examine the implications of these decentralized and centralized transitions, and assess the risk of the transition, in comparison to the other risks facing Bitcoin as a fledgling currency. We suggest that, while the transition of Bitcoin is not a central concern, the idea of naive decentralization is a myth that needs to be dispelled.

I’ve divided the essay into sections so that readers who are interested in specific parts of the argument can jump straight to them. Feel free to skip around.

The cryptosystem time bomb

“All cryptosystems eventually become obsolete.” Compared to currency, cryptographic hashes are a relatively recent invention, dating only as far back as the 1970s. MD5 was invented in 1991, and it only took about a decade and a half to thoroughly break it. For computer programmers, the shifting landscape of cryptography is a given, and systems are designed with this in mind. Consider, for example, SSL certificates, which are used to secure many transactions on the Internet, including financial transactions. These need to be renewed every few years, and as new certificates are issued, their level of protection can be increased, to use newer ciphers or longer key sizes. Most current uses of cryptography follow this pattern: the ciphers and keys can be replaced with relative ease.

Bitcoin, however, is special. The way it achieves decentralization is by embedding all of its relevant technical details in the protocol. Among these is the hashing algorithm, SHA-256. It is literally impossible to “change” the hashing algorithm in Bitcoin; any change would constitute a change in the protocol, and thus result in a completely new currency. Don’t believe anyone who tells you otherwise. The argument “If Bitcoin’s cryptography is broken, the rest of the financial industry is in trouble too” is irrelevant, because other financial institutions have central control of the ciphers they use and can easily change them: Bitcoin cannot. And due to the possibility of weaknesses in SHA-1 spilling over into the SHA-2 family (of which SHA-256 is a member), a competition for SHA-3 is already being held.

Will Bitcoin last long enough for fraudulent transactions to become practical? It may not (after all, there are many other possible problems with the currency that may kill it off before it ever gets to this stage.) However, if it does become established, you can expect it to be a hardy little bastard. Currencies stick around for a long time.

Decentralized and centralized currency transition

The Bitcoin community has recognized that a transition will become necessary, and though the general sense is one of “We’ll figure it out when we get there,” some vague proposals have been floated. At the risk of constructing strawmen, I would like to present my perception of the two most popularly voiced plans. First, the decentralized plan:

Because cryptosystems don’t break overnight, once the concern about SHA-256 becomes sufficiently high we will create a new version of Bitcoin that uses a stronger cryptographic hash. We will then let the market decide an exchange rate between these two currencies, and let people move from one to the other.

This is decentralized because anyone can propose a new currency: the market will decide which one will win out in the end. It also cannot possibly work in a nondisruptive manner, for the simple reason that anyone seeking to exchange the old Bitcoin for the new one will have to find a willing buyer, and at some point, hyperinflation will ensure that there are no willing buyers. All existing Bitcoins will then be worthless.

At this point, we’ll take a short detour into the mooncake black market, a fascinating “currency” in China that has many properties similar to an obsolescing Bitcoin. The premise behind this market is that, while giving cash bribes is illegal, giving moon cake vouchers is not. Thus, someone looking to pay a bribe can simply “gift” the recipient a moon cake voucher, which is then sold on the black market to be converted back into cash.

Those partaking in the moon cake black market must be careful, because once the Autumn Festival arrives, all of these vouchers must be exchanged for moon cakes or become worthless. As the date arrives, you see an increasingly frenzied game of hot potato for the increasingly devalued vouchers. The losers? They end up with lots of moon cakes. There is of course one critical difference, which is that the losers of the Bitcoin game are left with nothing at all.

Is this a transition? Yes. Is it disruptive? Definitely yes. It is certainly not what you want a currency you’re using for everyday transactions to be doing. Of course, this may be an acceptable risk for some industries, and we’ll analyze this more in the last section.

Here is the centralized plan:

Once the concern for the hashing algorithm is high enough, we will create a new Bitcoin protocol. This protocol will not only include a new hashing algorithm, but will also be based on the value of the old Bitcoin economy at some date: all transactions after that date are invalid in the new Bitcoin scheme, and the snapshot at that date is used to determine how many Bitcoins everyone has.

A variant deals with the case in which active attacks against the hashing algorithm are already under way before the switch has been made: specific block chains are marked as known good, and suspected fraudulent transactions are zeroed out.

Is this plan really centralized? Yes: someone needs to design the new protocol, to convince all the clients to buy into it, and to uniformly switch over to the new economy when the day arrives. The fragmentation of the Bitcoin economy would be extremely disruptive and not in the best interests of any of the main players. Any other changes to the Bitcoin protocol (and at this point, there probably would be many proposals) could have massive implications for the Bitcoin economy.
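To make the two technical claims above concrete (that the hash algorithm is a fixed consensus rule, so a SHA-256 client and a SHA-3 client cannot validate each other’s chain, and that the centralized plan seeds a successor chain from a balance snapshot at a cutoff, optionally zeroing out suspect blocks), here is a toy simulation. It is an added example written for this page, not code from Bitcoin or from the author; the block format, the `tx:`/`snapshot:` payload encoding, the `mint` sender and the sample transfers are all constructed assumptions, and hashlib’s `sha3_256` stands in for “a stronger hash”.

```python
import hashlib
from dataclasses import dataclass

GENESIS_PREV = "0" * 64  # constructed: the "previous hash" of the first block

def link_hash(prev_hash: str, payload: str, hash_name: str) -> str:
    """Hash that chains a block to its predecessor; hash_name is the consensus rule."""
    h = hashlib.new(hash_name)
    h.update(prev_hash.encode() + b"|" + payload.encode())
    return h.hexdigest()

@dataclass(frozen=True)
class Block:
    height: int
    payload: str      # "tx:sender:receiver:amount" or "snapshot:name=bal,..."
    prev_hash: str
    block_hash: str

def append_block(chain: list, payload: str, hash_name: str) -> list:
    prev = chain[-1].block_hash if chain else GENESIS_PREV
    chain.append(Block(len(chain), payload, prev, link_hash(prev, payload, hash_name)))
    return chain

def build_chain(payloads, hash_name: str) -> list:
    chain = []
    for p in payloads:
        append_block(chain, p, hash_name)
    return chain

def validate(chain: list, hash_name: str) -> bool:
    """A client whose protocol hard-codes hash_name: recompute every link."""
    prev = GENESIS_PREV
    for i, b in enumerate(chain):
        if b.height != i or b.prev_hash != prev:
            return False
        if link_hash(prev, b.payload, hash_name) != b.block_hash:
            return False
        prev = b.block_hash
    return True

def balances(chain: list, cutoff_height=None, suspect_heights=frozenset()) -> dict:
    """Balances counting blocks up to cutoff_height (inclusive) and skipping
    suspect blocks entirely, i.e. the "zero out fraudulent transactions" variant."""
    bal = {}
    for b in chain:
        if cutoff_height is not None and b.height > cutoff_height:
            break
        if b.height in suspect_heights:
            continue
        kind, _, body = b.payload.partition(":")
        if kind == "snapshot":
            bal = {k: int(v) for k, v in (item.split("=") for item in body.split(",") if item)}
        elif kind == "tx":
            sender, receiver, amount = body.split(":")
            amount = int(amount)
            if sender != "mint":            # "mint" is the constructed coin-creation sender
                bal[sender] = bal.get(sender, 0) - amount
            bal[receiver] = bal.get(receiver, 0) + amount
    return bal

def snapshot_payload(bal: dict) -> str:
    return "snapshot:" + ",".join(f"{k}={v}" for k, v in sorted(bal.items()) if v)

def successor_chain(old_chain, cutoff_height, new_hash_name, suspect_heights=frozenset()):
    """The centralized plan: a new currency whose genesis commits to the old balances."""
    snap = balances(old_chain, cutoff_height, suspect_heights)
    return build_chain([snapshot_payload(snap)], new_hash_name)

# Constructed sample history; block 3 and 4 happen "after the cutoff date".
OLD_TXS = ["tx:mint:alice:50", "tx:alice:bob:20", "tx:mint:carol:50",
           "tx:bob:carol:5", "tx:carol:alice:7"]

def demo() -> dict:
    old = build_chain(OLD_TXS, "sha256")
    new = successor_chain(old, cutoff_height=2, new_hash_name="sha3_256")
    append_block(new, "tx:alice:carol:10", "sha3_256")   # first post-transition transfer
    return {
        "old_ok_old_client": validate(old, "sha256"),     # True
        "old_ok_new_client": validate(old, "sha3_256"),   # False: old history is unreadable
        "new_ok_old_client": validate(new, "sha256"),     # False: old clients reject the successor
        "new_ok_new_client": validate(new, "sha3_256"),   # True
        "snapshot": balances(new, cutoff_height=0),
        "new_balances": balances(new),
        "zeroed_snapshot": balances(old, 2, suspect_heights={1}),  # block 1 treated as fraudulent
    }

if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The four `validate` results are the point of the “completely new currency” claim: neither client can accept the other’s chain, so nothing short of a coordinated switch lets the two populations share a ledger. The `suspect_heights` argument shows what zeroing out a block does to the snapshot: the transfer in that block simply never happened in the successor’s opening balances.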

Implications and risk

Here, we assess the question, “Do I really care?” In the short term, no. Bitcoin has many, many weaknesses that it will be tested against. Though I personally hope it will succeed (it is certainly a grand experiment that has never been carried out before), my assessment is that its chances are not good. Worrying excessively about the transition is not a good use of time.

However, this does not mean that it is not an important fact to remember. The future of Bitcoin depends on those who will design its successor. If you are investing substantially in Bitcoin, you should at the very least be thinking about who has the keys to the next kingdom. A more immediate issue is the implications of a Bitcoin client monoculture (one could push out an update that tweaks the protocol for nefarious purposes). Those using Bitcoin should diversify their clients as soon as possible. You should be extremely skeptical of updates which give other people the ability to flip your client from one version of the protocol to another. Preserve the immutability of the protocol as much as possible, for without it, Bitcoin is not decentralized at all.

Thanks to Nelson Elhage, Kevin Riggle, Shae Erisson and Russell O’Connor for reading and commenting on drafts of this essay.

Update. Off-topic comments will be ruthlessly moderated. You have been warned.

Update two. One possible third succession plan that has surfaced over discussion at Hacker News and Reddit is the decentralized bootstrapped currency. Essentially, multiple currencies compete for buy-in and adoption, but unlike the case of two completely separate currencies separated only by an exchange rate, these currencies are somehow pegged to the old Bitcoin currency (perhaps they reject all Bitcoin transactions after some date, or they require some destructive operation in order to convert an old Bitcoin into a new one—the latter may have security vulnerabilities.) I have not analyzed the economic situation in such a case, and I encourage someone else to take it up. My hunch is that it will still be disruptive; perhaps even more so, due to the artificial pegging of the currency.

The article seems to be entirely based on the fact that the protocol cannot be changed without the creation of a new currency. And the only justification given is “Don’t believe anyone who tells you otherwise”.

Could you elaborate on that? Why couldn’t the protocol be changed to SHA-3 gradually without booting a new currency?

We are not rebooting a new Internet because of the IPV6 switch.

Could have an interconnection period with clients capable of working in both modes, then SHA-3 only. The old blockchain would contain compromised addresses though, so you would have to transfer the funds to a new address.

If you find any problems about bitcoin you can talk to the developers and/or the community. It’s possible to upgrade the algorithm of bitcoin. It’s just not necessary at the moment. Sounds like you don’t really want a cryptocurrency to become successful…

Anonymous 1: Thanks! That’s the right way to think about it. Just keep it in the back of your mind.

RJ Ryan: I’m glad to hear that there are multiple clients. This is a good thing for Bitcoin.

wtf: That is precisely what I have described as the centralized transition scheme. The argument stands that this does put some amount of power in the hands of those handling the transition.

Bitcoin: Yes. How this transfer will be carried out is the question.

Anonymous 2: I don’t hate Bitcoin. I think it is an extremely valuable experiment, and I have absolutely no idea how it will turn out. However, because we have no idea how it will turn out, we should be thinking about possibilities.

Anonymous 3: A reasonable argument. I don’t make any claims about the stability of modern currencies.

Anonymous 4: Yes. The question is who will be in charge of eventually upgrading the protocol, or whether or not a disruptive, decentralized, market style transition could ever work.

[…] entire value lies in its complete imperviousness to attack and its fixed quantities, which seems irrational to expect. If it is hacked in such a way that a few more bitcoins are produced, faith in the system will […]

A reasonable discussion, and one I appreciate. Not without flaws but better than most of the bitcoin discussions I have seen as late. I am incredibly optimistic about Bitcoin AND its successors, as I think many people are. I think your best point was that one can separate the idea of P2P currency from Bitcoin specifically. I personally care far more about the idea of P2P currency and while I hope Bitcoin succeeds I think it represents a potential fundamental shift towards freedom. My thoughts are here: https://signnow.com/blog/2011/05/16/bitcoin-p2p-currency-ou-greatest-hope-for-liberty/

I’ve known about Bitcoin for about a week. Once I got my head around the fact a fiat currency without a government or indeed any institution behind it can actually be a *good* thing, I started really raving about the idea. It just seems like every so often I come across another “weakness” eloquently described, only to discover that the bitcoiners had already thought of that one and have an equally eloquent rebuttal. Who to believe? In the end the layman is forced to trust the experts, and the experts can only really be trusted when they put their money where their mouths are. It’s not a nice feeling to know you’re following the herd, but we mere mortals sadly have no choice. Ultimately if Bitcoins are ever going to go mainstream, experts convincing each other just doesn’t cut it. A large financial or retail institution needs to back it. Here’s hoping one does.

@author: “who will be in charge of eventually upgrading the protocol ?”

It’s an open-source, community-driven project. As with other such projects, the decision will be consensus based, or, if no consensus can be reached, a vote will take place.

The keyword is forkability.
If the current leads of the project mess up and do something bad, a fork will happen. The changes that were advocated by the majority and refused by the core team will be implemented in a new client which will – by definition – be deployed to a majority of nodes.

Continuity of the currency need not be disrupted.
We delegate decision power to the mainline client devs as long as it’s deserved.

I disagree. An active community is rapidly growing around Bitcoin, and this community looks a lot like the early communities of successful free/open-source projects.

Judging Bitcoin’s ability to evolve at this point in time, thus, is akin to judging GNU/Linux’s ability to evolve in the early 90’s. In both cases one must take into account a growing community that can create the technological and administrative infrastructure necessary for the project to adapt to, survive, and thrive with the times.

Growing demand for Bitcoin, which might be quite large in the long run ( I’ve posted some thoughts on this at http://cs702.wordpress.com ), should help continually attract new members to the community over time.

The parallels with existing open source projects are misleading. With most open source, switching is a fixed cost, that decreases over time as more people make the switch and it becomes better documented. With currency, the situation is much different. In a free market situation, switching costs increase asymptotically over time, until it is impossible to exchange Bitcoins for the hypothetical new Bytecoin.

I will admit that I have not thoroughly investigated the implications of pegging a new currency on the previous distribution of Bitcoins at some point in time. This would likely have complex interactions with both economies, and I’d love to see someone do an analysis of that.

Who would create a new version of bitcoin?
Technical lead for bitcoin is Gavin Andresen from “Princeton University.”

You don’t trust a computer science major from Princeton? Moreover, bitcoin is Open Source. You don’t have to “Trust” anyone. That is like saying, “I don’t trust Linus Torvalds, so I don’t trust the Linux kernel.” Even though the Linux kernel is Open Source, and has contributors from nearly all the world’s leading corporations, governments, and private developers. All these same people also have free access to the code for security analysis.

As for the cryptography argument. The way bitcoin works, one would need to find a very specific flaw in SHA-256 to cause a problem for bitcoin. The problem with MD5 is that computers have gotten a whole lot faster, so it is reasonable to brute force an ‘MD5 Password Hash.’ This would never be a problem with bitcoin. If some advances were made in computer hardware, or some way was found to get the next bitcoin block’s hash with fewer rounds, then EVERYONE would be producing the blocks much faster. Then the network would simply make the hash harder to get like it always does. This would be no different than bringing a new bitcoin mining rig on-line.

The attacker would still need the SAME amount of computing power. They still need >50% of the total network.

What would need to be found is a way of producing SHA-256 hash collisions very easily. With a flaw like that, one could take over or crush bitcoin more easily. However, I really do not see that happening. It is far far more likely that a hashing algorithm be made obsolete by an increase in computing power or by being able to create the hash in fewer rounds.

Remember it is an ever expanding hash tree you have to overthrow, not just a password hash that you can use a rainbow table against.
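The retargeting mechanism this comment relies on (“the network would simply make the hash harder to get”) can be simulated in a few lines. The following is an added example written for this page, not Bitcoin’s own code: it applies the real rule of adjusting difficulty every 2016 blocks by the ratio of expected to actual elapsed time, clamped to a factor of four per period, to a constructed scenario in which every miner’s hashing suddenly becomes eight times faster. The `speedup` units (how many times faster than the rate that yields 600-second blocks at difficulty 1) are an assumption of the simulation.

```python
TARGET_BLOCK_SECONDS = 600   # Bitcoin's design target for the average block interval
RETARGET_INTERVAL = 2016     # blocks between difficulty adjustments
MAX_ADJUST = 4.0             # per-period clamp on the adjustment ratio

def retarget(difficulty: float, actual_seconds: float) -> float:
    """New difficulty after one retarget period that took actual_seconds.
    Bitcoin scales the target by actual/expected, clamped to [1/4, 4]; since
    difficulty is inversely proportional to the target, divide by that ratio."""
    expected_seconds = TARGET_BLOCK_SECONDS * RETARGET_INTERVAL
    ratio = actual_seconds / expected_seconds
    ratio = min(max(ratio, 1.0 / MAX_ADJUST), MAX_ADJUST)
    return difficulty / ratio

def simulate(speedups, difficulty: float = 1.0):
    """For each retarget period, the whole network hashes `speedup` times faster
    than the constructed baseline that produces 600 s blocks at difficulty 1.
    Returns (mean block seconds during the period, difficulty after retarget)."""
    history = []
    for speedup in speedups:
        block_seconds = difficulty * TARGET_BLOCK_SECONDS / speedup
        difficulty = retarget(difficulty, block_seconds * RETARGET_INTERVAL)
        history.append((block_seconds, difficulty))
    return history

def attacker_share(attacker_rate: float, honest_rate: float) -> float:
    """Fraction of total hashing an attacker controls; a uniform speedup of
    both sides leaves this unchanged, which is the commenter's ">50%" point."""
    return attacker_rate / (attacker_rate + honest_rate)

if __name__ == "__main__":
    # Constructed scenario: everyone becomes 8x faster and stays there.
    for period, (secs, diff) in enumerate(simulate([8, 8, 8, 8]), start=1):
        print(f"period {period}: blocks every {secs:6.1f} s, difficulty -> {diff}")
    print("attacker share before/after speedup:",
          attacker_share(3, 7), attacker_share(3 * 8, 7 * 8))
```

Because the adjustment is clamped, an eight-fold jump is absorbed over two periods (blocks arrive every 75 s, then every 300 s, then back to 600 s), so a hashing speedup buys everyone a temporary burst of faster blocks and nothing else; the attacker’s share of the network is the same before and after.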

Various individuals have differences on who they prefer to trust. A libertarian or anarchist would prefer not to have to trust a CS graduate from Princeton at all. I personally would have no problem for a normal open source project; but I might be a bit more stringent about cryptographic/financial software.

Actually, the distinction between the various crypto Bitcoin uses is a legitimate one, although your research is not quite there yet either. It appears to be the case that an attack that strictly affects SHA-256 would only appear to affect mining difficulty: in order to fake transactions, one would need to find a vulnerability against the elliptic curve secp256k1. In fact, there was a discussion in the Bitcoin forums on this topic, and the issue of succession came up! (Though they don’t talk about how disruptive something like that may be.)

Edward, I find the term “switching costs” misleading here. A more appropriate term to describe such costs might be “transitioning costs,” or even better, “upgrading costs.”

While we’re at it, I also find the term “centralized plan” misleading. A more appropriate term to describe such a plan, I think, might be “community plan,” or “agreed-upon plan.”

For as the Bitcoin community grows and evolves, it will surely develop infrastructure and processes necessary to propose, debate, agree upon, and execute future upgrade plans.

(Indeed, code for the upgrade could be widely distributed well before any actual upgrade takes place — the people behind Bitcoin are evidently smart enough to anticipate this need.)

As with other popular free, open-source projects, any transition would thus be openly proposed, debated, agreed upon, and announced in advance. When there is political coordination, it can be done without the cost to upgrade increasing as you say.

You can rename it into the community plan; I’m fine with term punting. And it may be reasonable to rely on the community. But this is qualitatively different from a fully decentralized, free market solution, and while “community decision making” sounds nice, anyone who has participated in open source also knows that there are also many broken hearts along the way.

I know you meant “switching costs” in the standard economic sense, but in this case the term was (unintentionally) misleading, because it lumps near-zero-cost actions like, say, upgrading the version of Ubuntu on a desktop PC with high-cost actions like, say, switching the same PC to a completely different OS.

I never suggested that “community decision making” will be nice or pleasant — a quick look at the heated debates that shape any successful open-source project quickly dispels that notion. I only pointed out that the Bitcoin community looks a lot like the early communities of successful free/open-source projects — the ones that have managed to evolve with the times.

You are right, though, about Bitcoin’s global, growing community being qualitatively different from a fully-decentralized, free-market solution.

You make a good point that Bitcoin depends on those who define the protocol. That core developer group is more centralized than the Bitcoin network itself.

I think you’ve overestimated the switching costs. The protocol has been changed before with minor cost. As a Bitcoin user, my switching costs were: read the change log, install the new Bitcoin client. Most protocol changes are made to take effect at some future date, giving users plenty of time to upgrade.

Each user’s decision to upgrade his client or not could be viewed as a vote on whether the protocol should change. That aspect is highly decentralized.

My impression is that the protocol changes that have been pushed to the official client are fully backwards compatible. My claim is that cryptographic updates cannot be backwards compatible; they are an all or nothing deal.

Edward, as better hashing and signing algorithms become available and the cost of computing power decreases over time, couldn’t Bitcoin developers release new versions of the client that use improved algorithms for new transactions (i.e., those occurring after some arbitrary cutoff date) but leave the historical record (i.e., transactions occurring on or prior to the cutoff date) hashed and signed with the previous protocol? (Note that this can be done proactively, before there are any attacks on the old protocol.)

No, I would not be relying on the Bitcoin developers to “design the updated protocol and convince everyone;” I would be relying on a growing community transparently debating and deciding on each upgrade to the protocol. The two are different processes.

I like this essay. It seems to be the first that addresses the problem with the “bitcoin monoculture”. This raises the need for serious testing and verification efforts of the bitcoin client. Perhaps it will become worthwhile to formally verify (a core part) of the bitcoin client?

The short version is that anyone who can earn the trust of the community can upgrade the protocol. As it is there are already multiple clients (such as BitcoinJ) and modified clients (usually for websites, etc. but sometimes for individual use as well).

There are always going to be people who need mooncakes… someone with a large family will purchase the vouchers and put “cash” back in the system.

You can also see more barter happening on the internet. I would love to sell some of my handmade items for facebook$ rather than the other way. I also like swap sites where you swap games for points and then you use those points to “buy” other games.

The thing with an alternative global currency system is that if you amass too much of it, there wouldn’t be anywhere to put it, or anything to buy with it. There should be some kind of limit, like Visa gift cards, or mooncakes.

“With most open source, switching is a fixed cost, that decreases over time as more people make the switch and it becomes better documented. With currency, the situation is much different. In a free market situation, switching costs increase asymptotically over time, until it is impossible to exchange Bitcoins for the hypothetical new Bytecoin.”

Can you specify, the cost for WHO?

With other open source software, those using the old version of the software see their cost increase asymptotically in the way of less interoperability with other software, as others upgrade to the newer version. This has a parallel with bitcoin being upgraded to a new version, and those using the older version seeing their bitcoins lose value as the number upgrading to the new version increases.

For several years I’ve worked and been paid by the currency of “In Kind”.
As in: I fix your laptop, you make me a casserole. I paint the house, you skip my rent for a month. I mind your kids for a week while you work nights, you buy me a couple of computer games (for me and your kids).

We’ve all done this to some degree but it hinges on your relationship with the people you know. BitCoin promises a similar economy, globally.
However, BitCoin hasn’t been around all that long and I’m sure that the recent publicity surrounding it is going to attract financial assholes of all species, and inevitably ruin it for good.
So for the moment, can anyone give me some solid examples of when they used BitCoin for something worthwhile? Like buying basic goods or services? Tools or skills training? Sex? Drugs? A day at the beach?

I ask because I still see a need to sell this to Joe & Jane Citizen out there.

First, congratulations because you are one of the very few people who have criticized Bitcoin with logic and sense.

That said, I think you are making a mistake by calling the second solution a centralized transition. It’s not as decentralized as the first one, but it still requires that a majority of participants voluntarily accept the new scheme, so it’s quite decentralized.

Also, I think you are wrong when you say that a sensible solution is not in the best interest of the big players. Actually a sensible solution is probably the main interest of the big players, since they want their bitcoins to keep having value and they know they need a smooth transition to not cause panic.

In my opinion, when the time arrives, a sensible transition will be agreed and implemented in a non-disruptive way because it’s in the interest of all the people in the Bitcoin community.

Having a degree in computer science doesn’t necessarily mean you understand economics, something many Bitcoin advocates don’t seem to understand.

Bitcoin is a fiat currency like any other, minus institutional backing and regulation (a form of “insurance”). Having founded several businesses, I regard Bitcoin as a toy, and would not use it. The US Dollar may be a fiat currency, but it is essentially stock in the US economy and its trading partners, backed up by the US armed forces and several thousand nuclear weapons. I know the money I have parked in an FDIC insured account is as safe as anything can reasonably be.

The people raving over Bitcoin should really spend some time studying the financial history of the United States. We went through a period where we had no central bank, plus unregulated currency. Compare those periods to the post-depression era when Glass-Steagall and other regulations were in effect. Before the Depression, financial crises were much more common. After, we went nearly 70 years without a major collapse (and one can argue that the relaxation of regulations was a major contributing factor to the 2008 mess). It has been pretty well proven that unregulated financial instruments lead to unhappy outcomes (credit default swaps for example).

Bitcoin is even worse because the anonymity and decentralized nature of the system basically guarantees that bad actors will ruin it for everyone. As a businessperson, I don’t want anonymity. I want to know who my counterparties are, and have a central authority I can go to (i.e. a bank) if someone breaks the rules. Building a system that is so friendly to illegal activity is stupid because it creates a systemic risk for everyone else.

What happens when the IRS, Secret Service or DEA starts shutting down exchanges?

Some of your statements are objectively wrong. Bitcoin is not a fiat currency. Fiat means imposed using violence or threat of violence, usually by governments. Bitcoin is a voluntary currency, just like gold and silver were initially.

You correctly stated that dollars are fiat currency. The problem is that you seem to think that just because the nominal value of your dollars won’t go down, the real value won’t either. This is obviously false, since one of the objectives of modern central banks is to create a fixed rate of price inflation (their success is another issue).

If you decide to study monetary history you will see that established voluntary currencies kept their value while government currencies are always devalued and lose value. So you are not safe holding dollars; you need to risk them by investing them just to keep your savings. The record is abysmal: history shows that government currencies are much riskier than established voluntary currencies.

Bitcoin is not (yet) an established voluntary currency; it is a young project, so it still has a degree of risk, but with lots of potential due to its characteristics.

The last part is blatantly wrong. Bitcoin allows you to be pseudo-anonymous (all the transactions are public), but you as a businessman are not forced to trade with someone anonymous. Bitcoin doesn’t stop you from only trading with people that have identified themselves. And why would the DEA or IRS shut down Bitcoin-USD exchanges? MtGox, the biggest Bitcoin exchanger right now, is located in Japan and has offered collaboration with the USA government.

The discussion about obsolescence of the protocol is idiotic. Bitcoin may wish to be unlike any other currency, but it is still a currency. The serious issues are not technical but monetary, like how to control the amount of issuance of new money. Bitcoin’s founder thought he had the answer: fix the schedule and maximum eventual number of coins from the very beginning. It is not hard to see that if bitcoin is to capture a significant percentage of all online commerce, which it could do if its designers were a bit more business savvy, each of the 21 million bitcoins would have to be worth several thousand dollars in order to make the total amount in circulation equal to the current amounts circulating in online commerce.

And what did the nerds think of? Well, as they have it, the creation of bitcoin is slowing down as it is more widely accepted instead of accelerating at the same pace as adoption. If I were doing it, to start with I would incorporate a mechanism for splits and a target exchange rate; say, peg it 1-to-1 to a basket of major currencies, say 1$+1€+100¥.

Not to mention that running GPUs full-on just to make virtual coins, while generating actual CO2, is very much harmful for the environment AND the economy. I, personally, condemn this blatant disregard for consequences.

Sorry, but any “currency” that fluctuates in value by a factor of 20 within weeks, and was created by a pseudonymous person who may or may not be Japanese, and whose primary exchange does not have a physical address, is a joke. If Bitcoins were backed in gold, and could be traded on existing commodity markets that are run by adults, totally different story.

Basically if you buy a currency that is not liquid or backed by a commodity that can be traded on real markets (versus a toy market operated by World of Warcraft types), you’re a moron, and deserve to lose your shirt.

Thanks, interesting article. People should be more aware of this potential problem.
That said, currency disruption events happen often in the real world. War, natural disasters, economic mismanagement etc.; the list could go on. No currency is invincible, no matter how many nuclear bombs they have pointing.
Meanwhile, bitcoin has only the encryption strength to worry about (and that there are enough good guys on the network to confirm the transactions)
Finally, Bitcoins or USD, investing in cash is a terrible idea.

Who would have guessed that the Bitcoin exchanges were happy to sell you Bitcoins in exchange for real money, but when too many people tried to convert Bitcoins back into real money, the exchange that accounts for 90% of transactions suddenly collapsed.

Oh, and it didn’t seem the slightest bit fishy that “Mt. Gox” didn’t have a physical address, or even a phone number? If you’re dumb enough to trust that “bank”, you deserved to lose your cache of WoW bingo chips.